4 results (0.016 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact." El compilador OCaml permite que los atacantes provoquen un impacto sin especificar mediante vectores desconocidos. Este problema es parecido al de CVE-2017-9772 "pero con un impacto mucho menor." • https://github.com/homjxi0e/CVE-2017-9779 https://caml.inria.fr/mantis/view.php?id=7557 https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html •

CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable. Una sanitización insuficiente en las versiones 4.04.0 y 4.04.1 del compilador de OCaml permite que se ejecute código con privilegios elevados en binarios marcados como setuid, estableciendo la variable de entorno CAML_CPLUGINS, CAML_NATIVE_CPLUGINS o CAML_BYTE_CPLUGINS. • http://www.securityfocus.com/bid/99277 https://caml.inria.fr/mantis/view.php?id=7557 https://security.gentoo.org/glsa/201710-07 https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html •

CVSS: 9.1EPSS: 2%CPEs: 3EXPL: 0

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the String.copy function. OCaml en versiones anteriores a 4.03.0 no maneja correctamente extensiones de firma, lo que permite a atacantes remotos llevar a cabo ataques de desbordamiento de buffer u obtener información sensible según lo demostrado por una cadena larga para la función String.copy. An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. • http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184507.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00081.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00037.html http://rhn.redhat.com/errata/RHSA-2016-2576.html http://rhn.redhat.com/errata/RHSA-2017-0564.html http://rhn.redhat.com/errata/RHSA-2017-0565.html http://www.openwall.com/lists/oss-security/2016/04/29/1 http://www.openwall.com/lists/oss-security/2016/04/29/6 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-194: Unexpected Sign Extension CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0

OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. oCaml v3.12.1 y anteriores calcula los valores de hash sin restringir la capacidad para activar las colisiones hash predecibles, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de entrada modificada a una aplicación que mantiene una tabla hash. • http://openwall.com/lists/oss-security/2012/02/07/1 http://openwall.com/lists/oss-security/2012/02/07/2 http://secunia.com/advisories/47853 http://www.mail-archive.com/caml-list%40inria.fr/msg01477.html http://www.mail-archive.com/caml-list%40inria.fr/msg01478.html http://www.nruns.com/_downloads/advisory28122011.pdf http://www.ocert.org/advisories/ocert-2011-003.html • CWE-20: Improper Input Validation •